ReputationDefender’s Community Manager Rob Frappier and his new wife Nicole Tersigni just got back from their honeymoon in Kauai, Hawaii. In typical ReputationDefender style, however, they weren’t there just to enjoy the beautiful beaches and tropical scenery, but to do good and help people.

Rob and Nicole were a part of Habitat for Humanity’s Global Village program in Kauai, which focuses on eliminating poverty housing and homelessness on the island. During their stay, they began construction on a home with a team of other volunteers from across the country. The couple even landed a cover story in Kauai’s Garden Island newspaper.

We’re immensely proud of all the employees at ReputationDefender and we’re happy when we see them doing the same good work outside of the office that they do inside of the office. Congratulations to Rob and Nicole and best wishes for the rest of their lives together.

–

Rob Frappier in action on the Kauai Habitat for Humanity build site.

ReputationDefender’s Social Media Bill of Rights

As social networks have grown in importance, ReputationDefender has seen a shocking pattern of privacy violations, ranging from inappropriate data sharing to attempts to trick users into revealing their personal information.

It is time users took back control of their online privacy. ReputationDefender presents this draft Social Media Bill of Rights to provoke thought about how social networking sites—like Facebook, MySpace, Twitter, and others—should treat users and protect privacy. We strongly believe that social networking sites should recognize and grant each of these rights to users in an open and transparent way.

Here is our proposed Social Media Bill of Rights. We look forward to discussing these ideas at CFP2010 and learning from other experts in the field. Stop by and check out our demo of the free Facebook app PrivacyDefender (PrivacyDefender.net) at the CFP Tech Fair.

Social Media Users Have These Rights

1) The right to privacy.

When in doubt, privacy comes first.

By default, users should not expose information to the world, to data brokers, to corporations, or to anyone else.

Users have the right to share as much or as little as they want. They are in charge of their privacy, and all data sharing comes only after user consent.

2) The right to choose.

Privacy settings must be easy and understandable. If your parents can’t use it, then it’s not simple enough.

Privacy controls should be easy to find. Social networks should put privacy controls next to where they are needed; near photos, near data collection portals, and other places where users expect to find them.

If taking an action (installing an app, using a new feature, etc) will expose or share data, users deserve to know before they commit. Social networks should explain the privacy cost of each new feature, and let them make an informed choice.

Interfaces should not be evil. Each interface should clearly communicate the privacy consequences of each action. Interfaces that collect or use data in a non-intuitive way should be clearly labeled and explained.

Any kind of external data sharing should be opt-in, not opt-out. If it’s so useful, it will be easy to convince users to sign up. Outside corporations don’t have a right to user information without clear user consent.

3) The right to data minimization.

Just because a social network can, collect information doesn’t mean it should. Social networks should strive to collect no more information about users than what is required to present social functions.

Storing “click stream,” “search history,” and other data that is not directly tied to social functions is often an invitation to privacy invasions. Storing this data does not directly enhance user experiences and often violates user expectations.

When in doubt, aggregate. Aggregated data often fulfills the same function without the privacy risks.

We don’t know the long-term consequences of mass-scale data collection and storage; it is better to err on the side of caution and data minimization.

4) The right to honest communication.

Users have a right to know how their information is being used. Tell them. Use language you’d use with friends, not language used by lawyers. Agreements should be easy to understand and not contain hidden legalese.

If something goes wrong, tell users openly and honestly so that they may protect themselves.

If aggregated data turns out to not be anonymous (like the Netflix Prize data set), tell affected users. Openness today will save headaches tomorrow.

Even if the lawyers can find a legal loophole, users deserve to be treated with respect; social networks should treat users as they expect to be treated, not at the minimum possible legal threshold.

5) The right to delete.

Users have a right to leave social networks. When they do, they should be able to easily take back their data too.

The right to delete includes deleting any marketing information or dossier that has been compiled about them, including any behavioral advertising data.

Exceptions are permitted for financial transactions and other records that must be kept for legal compliance.

6) The right to know.

Users have the right to know:

– how information about them is being collected;

– to whom their data is being sold;

– how their data is secured;

– how many people can see their personal information;

– when there are data security incidents, even if they don’t trigger existing notification laws.

Disclosures should be in plain language.

If data is being collected in non-obvious ways (click patterns, through offline sources, etc) then it requires special notice.

7) The right to dignity.

Some information is too personal for social networks to demand or share. Even if it is possible to find out intimate secrets of users’ lives, it is usually best to not.

There are limits on the wisdom of behavioral and contextual advertising, even if users have agreed to it. Social networks should think twice before trying to profit from their users’ grief, weaknesses, or personal failings.

Social networking engineers should always ask themselves, “would I want my data to be used this way?” If not, don’t code it and don’t implement it.

Sites should not encourage users to debase, defame, or abuse each other. There is always another person at the other computer; remind users to treat each other with dignity.

8 ) The right to accountability.

Social networking sites should be willing to undergo regular privacy audits to prove they are using data only in approved ways. Sites that don’t allow privacy audits should be considered suspect.

Leaders of social sites should accept personal responsibility for the security and privacy practices of their sites. If they make a false promise, they should be held personally accountable.

9) The right to not participate.

Users have the right to not participate in social networking. If they choose not to, social sites should not compile a dossier or file about them, even if friends volunteer that data.

Non-users should be able to find out how personal information about them is being shared or discussed (including “tagged” photos or facially-recognizable photos) without providing further personal information.

10) The right to social privacy.

Social networks should make it easy for users to help friends be respectful of privacy.

Social networks should not encourage users to violate each others’ privacy. Interfaces that encourage prying or over-sharing are disfavored.

Social networks should allow users to contact each other about potential privacy violations and privacy requests. A simple “I’d prefer this photo not be online” notification system can help friends communicate their preferences without threatening free expression or creativity.

This is our Bill of Rights for social media. What’s yours?

Thanks to many others who have contributed to the field, including Jack Lerner and Lisa Borodkin, Mark Sullivan, Kurt Opsahl, John Battelle, and Duncan Work.

Michael Fertik is CEO and Founder of ReputationDefender, Inc., the world’s first and largest comprehensive online reputation and privacy management service. ReputationDefender helps users take back control of their online image, their online privacy, and their lives. Michael may be contacted, including for press and media inquires, through ReputationDefender.

Despite a recent blogoplex flap over whether Zuckerberg cares about privacy, it doesn’t matter if he actually does or doesn’t. Figuring out if he is a privacy devotee is like trying to read tea leaves. It doesn’t help, and it doesn’t matter. In the end, Facebook can’t care deeply about privacy. A company can’t care deeply about the privacy of its users if its business is predicated on selling it. Any business dependent on advertising must sell what it knows about its users.

Whatever pro-privacy beliefs Zuckerberg himself might have, the market has forced him to give them up. In social media, to generate more revenue from your eyeballs, there will always be a Race to the Privacy Bottom: the next entrepreneur will be willing to sell more of your privacy than the last, which will force the market to keep reducing protection for privacy until it’s finally and totally eroded. Count on it like you count on spring rain.

It’s a similar waste of commentator time to point to user behavior on Facebook and elsewhere, wave our hands around, and say that social norms are changing drastically that users don’t care about privacy any longer. Of course users care about privacy. That’s why sites like advertising-driven sites Facebook make opt-in the default setting whenever they change their privacy policies or features. That’s why advertising-driven sites like Facebook make it hard for users to opt out of those changes.

Even very smart tech writers are having a hard time succinctly explaining how to walk users through opting out of Facebook’s most recent changes. The dials to reverse (most–can’t reverse them all!) the latest Facebook changes are difficult to find and ponderous to change, ’cause you gotta do them one by one. Sites like Facebook make sweeping Forced Opt-In Default changes because they know that giving users an upfront opportunity to opt out will drastically reduce the adoption, which will drastically reduce revenue growth potential. In fact, a Forced Opt-In Default is the surest sign that we know that users, when given a choice, will opt for more privacy.

What’s worrisome to me is when a company invites you to deposit a huge amount of information with it under one set of privacy rules and then moves the goalposts on you. On Day One they make one set of promises, on Day Ten another, and by Day 100 they change the rules again. (At least one set of writers have predicted what will happen in the next twenty years in FB privacy.) Whenever the company makes a change, it gives you no easy and  friction-free way to reverse it. In fact, it exclusively greases the wheels the other way.

A cynic would say that they are inviting you to participate under false pretenses and then trouncing you with the old bait and switch. We already know that credit card companies, banks, and insurance companies try to do this routinely. All of us have received lengthy, tiny-print mailers that supposedly explain changes in our credit, our interest rates, and our coverage. Those mailers are impossible to read. It takes a JD/PhD to get through the first paragraph. But we are probably comforted by the fact that credit card companies, banks, and insurers are all regulated to some degree: they have to play within certain rules. Imagine if your bank acted like an Internet company and one day simply announced that it was going to publish your bank balance along with everyone else’s because “people don’t care about privacy any more.”

For nearly the first time, it seems, the Senate, not usually the fastest-twitch muscle in the American technical landscape, is lumbering awake to the topic of privacy and the Internet. Senators Schumer and Franken have asked Facebook to “provide [users] with full control over their personal information.” One wonders aloud if the FTC is long to follow.

How many other kinds of company can get customers to use their product under one set of assumptions and then change the rules after every meal? How would that look in other industries?

Restaurant: Thank you for ordering your steak! The kitchen has changed its mind and is giving you this plate of chicken. And we’ve just raised the prices by 50%!

Automotive: From now on, the car you purchased will run in reverse!

Healthcare: Your surgery will be televised! Hooray!

Entertainment: Halfway through the movie, the director reveals that he’s been filming the audience the whole time and that the footage will be his next movie.

Credit cards: The CEO has waved his Magic Kingstick: you will now need to pay 100% of your balance every day! (Well, weird: don’t credit card companies actually do that? Yes, and they just got more regulated for exactly that reason.)

My suggestion: let’s stop twiddling our thumbs worrying about whether this or that executive of this or that social media company “cares” about privacy. He can’t. If you’re selling your users’ data, you can’t care about their privacy.

Now let’s figure out what to do about it.

The New York Times reports that newspaper sites are reviewing whether to allow anonymous comments. This is not a big surprise. Anonymity is a clear virtue of the Internet in many contexts (the classic case is anonymous criticism of totalitarian regimes), but, as we see every day in our work, it can also release the worst parts of our Id.

The next step will be to observe whether this shift changes user behavior. Will users simply and increasingly create additional “personas” they can use to comment pseudonymously?

Measuring the asymptotically über-hockeystick spread
of the news about Tiger Woods

According to an article in the UK Daily Mail, some researchers are trying to sort out a formula that can scope and predict the virality of rumors on the Internet.

It’s an interesting pursuit. I suspect a very good formula — as measured by its accuracy — would be very useful. Not just for measuring rumors, of course….

It would also be interesting to measure how much influence particular Speakers or Repeaters have in spreading the news.

(Watch this page. We’re working on this kind of stuff, too!)